@Richard Smem - Thanks for reaching out.
It looks like you do not have application permissions. Service principal with clientId and clientSecret needs application permission to work, not delegate permission.
Also you can take a look at these docs for more information on Application objects and Service principals: app-objects-and-service-principals
You typically use delegated permissions when you want to call the Web API as the logged-on user. For example, that the Web API needs to filter the data it returns based on who the user is or execute some action as the logged in user. Or even just to log which user was initiating the call.
Application permissions are used when the application calls the API as itself. For example, to get the weather forecast for a certain zip code (it does not matter which user is logged on). The client can even call the API when there's no user present (some background service calling the API to update some status).
Hope that helps.
-----------------------------------------------------
If the above response helped, please feel free to "Accept as Answer" so it can be beneficial to the community.